With the advent of electronic medical records, a patient's medical record can be accessible by various employees operating in a healthcare provider network. The nature of medical workflows is such that traditional role- or attribute-based access control for the medical records may not be feasible as the complexity of clinical care may result in various parties needing to access a patient's medical record, and indeed, rigid access controls may prevent access in emergency situations. Accordingly, however, a given patient's medical record may be subject to breach, or inappropriate accessing, by various parties. A multitude of scenarios for breach can be envisioned where an employee may access a medical record of someone with whom they have a personal interest (e.g., a celebrity, family member, co-worker, etc.) who may be under the care of the healthcare provider network, where the access is unrelated to the employee actually providing services to that person in the healthcare industry. Not only is inappropriate accessing generally not desirable, but it can also result in fines to the healthcare provider network. Accordingly, it is in the healthcare provider network's interest to prevent inappropriate accessing of electronic medical records. Moreover, patients who feel their medical records are being compromised are much less likely to divulge truthful medical information to the healthcare provider network, and thus patient care may be impacted in this regard.
Auditing systems have been developed for tracking employee access of medical records, but these systems do not provide certain desirable analyses of the accessing.